OmniOS / Napp-IT -SMB users lookup/add not working from Windows

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

ssherwood

New Member
Oct 7, 2011
19
2
3
Hello all,

Sorry for the length of this - I've done a lot of searching, and research, but am still stuck. Any assistance would be welcome!

I've been working on a SMB issue with my system which is running OmniOS (v11 r151026e) & Napp-IT (18.01 free Apr.02.2018). This is an AIO setup running in ESXi 5.1, if that is material.

In a nutshell, I've got SMB working, but would like to be able to edit permissions from Windows, which isn't working completely.

Existing ACLs are working for named Windows users on restricted shares (no file permissions for everybody@), and I can edit (eg. add/remove 'full control', modify, write permissions etc.) and remove an existing ACL (created from OmniOS CLI) from Windows but cannot add new users (which exist in Napp-IT/OmniOS). Windows complains:

"An object named "<username>" cannot be found. Check the selected object types and location for accuracy and ensure that you typed the object name correctly, or remove this object from the selection."

Now - this is more a matter of convenience as I'm able to add permissions from the OmniOS CLI like:

chmod A+user:<username>:rwxpdDaARWcCos:fd-----:allow /pool/sharename

And subsequently edit the ACLs from Windows, but I suspect a faulty setting/permission somewhere.

I've also tried to use MMC with the Shared Folders snap-in pointed to my OmniOS VM, and I'm able to see the shares, but when I try to add a user, I'm not able to most of the time. I've found some inconsistencies from one Windows machine to another. Either way, I can't just add a user by typing it into the 'enter object names to select' box.

Windows 7 Professional MMC sees the object types:
- Built-in security principals
- Groups
- Users
... but if I filter to users or groups and try a find (with no terms defined) via Advanced > Find Now, I get no results. Strangely, it does render results for the Built-in security principals. The shares work from Windows 7, and I'm able to change existing permissions, including deleting them, but as the system cannot see the Users objects, I'm unable to add users.

Windows 10 Enterprise MMC sees the object types:
- Other objects

- Built-in security principals
- Groups
- Users
... here I can do a bit more as in Advanced > Find Now, I'm able to see the users. But as above, I cannot simply key in the username into the 'enter object names to select' box, I have to use Advanced, then Find Now. If I select the user from the search results, it brings over a resolved (GUI shows an underline under the object name) name into the 'enter object names to select' box, and clicking OK does result in the user being added.

That said, if I manually key in exactly the same information into that box and perform a lookup, I get the "An object named "<username>" cannot be found..." error.

In Windows 10, I'm also able to do the same thing (Advanced > Find Now) to lookup existing users on OmniOS in the respective share's (right click on share then Properties > Security > Edit > Add > Advanced > Find Now)

I've tried this on existing and new/test folders/shares with the same results.

So to recap, both Windows 7 & 10 seem to be able to edit existing ACLs, but only Windows 10 seems to manage adding a new ACL, and then, you have to jump through some hoops in order to get it done.

I've been running ZFS via Nexenta and now Napp-IT for years, and have in the past been able to manage ACLs from inside Windows. At some point though, this stopped working, so I stopped using granular ACLs (personal/home environment) and just used everyone@ full_set permissions. I have a new need to restrict access, and so I'd like to start applying some ACLs, and managing this from Windows is a must day-to-day changes.

Thanks in advance if you have made it to the end - I'd appreciate any tips/suggestions.

-SS
 

gea

Well-Known Member
Dec 31, 2010
3,141
1,182
113
DE
I have seen similar problems recently with Windows 10 on OmniOS in workgroup mode when accessing the NAS via ip (AD mode is ok).

I would try
- add the NAS to your DNS server or add an entry to the Windows hosts file (edit with notepad started as admin)
the Windows hostfile is in %windir%\system32\divers\etc

add an entry with your ip ex
92.168.1.20 nas

Then connect your nas from Windows via \\nas as user root (or a user in the OmniOS SMB group admins)
and open the permission tab from Windows 10

Add users via properties > add > advanced > search user and select one from the list
Adding a user directly per name ex nas\paul gives the error

other option to care
Services > properties: set netbios_enable to true

btw
I have asked this in Illumos developper maillist but no info so far
Topicbox

If you like you can add your insights there
 

ssherwood

New Member
Oct 7, 2011
19
2
3
I have seen similar problems recently with Windows 10 on OmniOS in workgroup mode when accessing the NAS via ip (AD mode is ok).
Thanks @gea - do you have any suggestions for the Windows 7 clients? I'm in Workgroup mode - sorry if I didn't state that earlier.

I'm already using the hostname to access the SMB shares from the Windows computers, and there is no domain name. (ie. its all host.localdomain)

Re: other option to care
Services > properties: set netbios_enable to true

I found this under SMB, and it is already set to true.

I'll try to add a static mapping on the Windows machines to see if it helps - thanks for the suggestion!
 
Last edited: